NVD

Id
22431  
Name
CVE-2016-9644  
Description
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-11-27  
Modified Date
2017-01-06  
Seq
2016-9644  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
119070 22431 CVE-2016-9644 [oss-security] 20161107 Re: Re: kernel: fix minor infoleak in get_user_ex()  View
119071 22431 CVE-2016-9644 94545  View
119072 22431 CVE-2016-9644 USN-3146-1  View
119073 22431 CVE-2016-9644 USN-3146-2  View
119074 22431 CVE-2016-9644 https://lwn.net/Articles/705220/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5259 JVNDB-2016-006032 Linux Kernel の arch/x86/include/asm/uaccess.h における non-SMEP プラットフォーム上で root アクセス権を取得される脆弱性 Linux Kernel の arch/x86/include/asm/uaccess.h の __get_user_asm_ex マクロは、例外テーブルと互換性のない拡張された asm ステートメントを含むため、non-SMEP プラットフォーム上で root アクセス権を取得される脆弱性が存在します。 CVE-2016-9644 96151 CVE-2016-9644 22431 9.3 7.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-006032.html 2016-11-01 2016-11-30 View